Dumbing down society is one reason (giving less control to the user is better, so they don't have to worry about stuff much). Installing in appdata doesn't require user's authorization.

I never could understand developers of free software who doesn't believe in portable versions, especially when software doesn't NEED any installation to function properly and unnecessary clogging up registry, instead of storing settings in a file, not only making it harder to backup but also making system slower and slower.

P.S.
I do have problems with any software that use appdata for executables. In my opinion any software that runs from appdata should be classified as malicious, because it's there after exploiting a flaw in Windows to bypass UAC without user's consent.
Also, devs, not everyone have 1tb SSD as system drive, some of us struggling with 16gb!

f.lux uses 1.9MB installed, so we're <1% the size of iTunes or less than <0.3% Photoshop. It's pretty hard to claim that f.lux will fill up any SSD made in the last 15 years.

We work hard at making f.lux small, because our download costs are directly tied to that number. If we were iTunes-sized, a full update on Windows would cost us a super-fast exotic sports car each time.

Several points here:

We want f.lux to be installable by anyone (non-admins), and

We want f.lux to update to a bug-free version by default, because we can't reasonably support it otherwise

The Vista-era UAC is very imperfect. From the beginning, automatic updates using MSI signing have been broken - they require "chaining" in order to update old users, basically anyone who installed a build more than a year old. But there is no magic, it's just a lot of prompts when you reboot.

Windows Store is a big improvement, because update finally works! It's a minority of our users right now though.

Some companies (like Google) have made their own automatic updater software that works with Program Files, but they do this by running their own LOCALSYSTEM service - we just don't run anything at that privilege level.

Instead we do what Dropbox and Spotify do, and keep the software up to date by running as the user, not as the Administrator.

We need to do this for two reasons: 1) we rely on several web services for location, presets, etc. and 2) we still regard f.lux as "driver level" because bugs in (other people's) drivers interacting with f.lux have caused some big problems. Updating most of our users away from these bugs is very important. You simply cannot convince millions of people to update by hand, it doesn't work.

Regarding portability: we store most state in the registry, because it's the "right" way to do it, but we will have more options for this in the future. If you can backup and restore the f.lux registry hive, there is very little extra state in the app. Most of the problems with making f.lux portable concern automatic update, not program state.

It doesn't matter how big or small the program is, appdata is not for executables, period!
If every developer used this logic "my app is so small, no reason ask user were to install it" the PC would turn into smart phone clone (although it seems windows is heading that way anyway)

How many Windows users out there that don't have admin privileges on their Windows PC? Perhaps by providing ability change installation directory it would allow install by non-admin and receive updates by non-admins. Or better yet - a portable version would kill 3 birds with one stone...

Regarding updates, there are two different approaches in software updates:

update notification with provided ability to install

forced update

A good software would use #1 and allow user choice if they want update or not (and perhaps even allow them chose if app should remember their choice in next update). Many users don't like fresh updates, because often it bring more problems and they want to see other users responses first.
f.lux unfortunately chosen #2, doing it without user's consent, opening a door for installing whatever it wants without user's knowledge, sorry, but that's exactly how backdoor trojans work...
"You simply cannot convince millions of people to update by hand, it doesn't work." that's precisely why #2 approach is bad, because a lot of people disable auto updates that happen without their knowledge and now have to update it manually.

[EDIT]
And f.lux team being an asshole, by giving negative reputation to posts they don't like, while we, mortals, can only give positive reputation...